Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-58459 | AOSX-09-001240 | SV-72889r1_rule | Medium |
Description |
---|
Security appliances and firewalls are not always IPv6 aware, meaning that IPv6 traffic is frequently unfiltered and unprotected. If it is not in use, it should be disabled. |
STIG | Date |
---|---|
Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide | 2017-01-05 |
Check Text ( C-59301r1_chk ) |
---|
Run the following command to check if IPv6 is enabled on any network interfaces: sudo networksetup -listallnetworkservices | (while read dev; do echo "$dev"; networksetup -getinfo "$dev" | grep IPv6:; echo ; done) If there is an enabled network interface without the setting 'IPv6: Off' and it does not require IPv6, this is a finding. |
Fix Text (F-63789r1_fix) |
---|
Run the following command to turn off IPv6 addressing for the Ethernet interface: sudo networksetup -setv6off 'Ethernet' Repeat this command for each enabled interface, interface names are case sensitive. |